PHPDeveloper.org (http://www.phpdeveloper.org)
Up-to-the Minute PHP News, views and community
Tue, 03 Mar 2015 16:49:30 -0600
http://www.phpdeveloper.org/news/4727
a new post from Harry Fuecks with his take on the whole "PHP security" issue that's being tossed around lately.

So the usual denials have been made (see replies to Chris's entry) - "Damn newbies", "Holes in PHP-based app != PHP insecure", etc., all of which I agree with. But...

He also mentions that this kind of talk could do more harm than good, making people who were on the edge lean back and take another look somewhere else. He also gives an example, a short bit of PHP and HTML that illustrates a typical XSS problem, and asks whether it's the developer's fault for not knowing or the language's fault for not handling it right. Other topics he touches on are short tags and the use of filtering for all user input...